General
Target: 141b5beaa4b4d508c2f1a248beebffc48116c69f4ec86bf9708c3e10bf610c2f
Size: 128KB
Sample: 221120-lc998sff46
MD5: 37de830713188a0c53ed4f1e29a4d191
SHA1: 00499137624e364dc5395de01c50214c5ed50e59
SHA256: 141b5beaa4b4d508c2f1a248beebffc48116c69f4ec86bf9708c3e10bf610c2f
SHA512: ee5bbad2543bb17cc3a5762a42ac636fb1019135aedc0794e1914b25acb4a9762ac2998d5a71e7a17e7dab17c9efa842a220987a99d5ffc81c0495e7421b8ecc
SSDEEP: 3072:HLzBLapUn2kBwImr2HqLCIyjIPuOwMvxfEMdG63LrRSzw9:H4kuzc7IyOxhR3Ow
Static task: static1
Behavioral task: behavioral1
  Sample: 141b5beaa4b4d508c2f1a248beebffc48116c69f4ec86bf9708c3e10bf610c2f.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 141b5beaa4b4d508c2f1a248beebffc48116c69f4ec86bf9708c3e10bf610c2f.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: pony
  http://mail.yaklasim.com:8080/ponyz/gate.php
  http://andlettherebelight.com/ponyz/gate.php
  http://firepointmedia.net/ponyz/gate.php
  http://graphicspecialistsgroup.com/ponyz/gate.php
payload_url:
  http://paperlesscontact.com/EzGhUN.exe
  http://1726308.sites.myregisteredsite.com/9ZsS.exe
  http://rigbers.de/sSJex.exe
Targets
Target: 141b5beaa4b4d508c2f1a248beebffc48116c69f4ec86bf9708c3e10bf610c2f
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.